package com.lagou.edu.mvcframework.interceptor;

import com.lagou.edu.mvcframework.context.PermissionContext;
import com.lagou.edu.mvcframework.pojo.Invoker;
import sun.rmi.runtime.Log;

import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import java.io.IOException;
import java.security.Permission;
import java.util.logging.Logger;

/**
 * @author liuc
 * @date 2021/4/22
 * @description 权限拦截器
 **/
public abstract class PermissionInterceptor implements BeforeHandler{

    protected Logger log = Logger.getLogger(PermissionInterceptor.class.getName());

    @Override
    public boolean before(HttpServletRequest request, HttpServletResponse response) throws Exception {
        log.info("======= permission handle ========");
        //设置上下文
        String username = request.getParameter("username");
        PermissionContext.setUsername(username);
        //交给子类去做
        boolean pass = hasPermission(request, response);
        if(!pass) response.getWriter().write("no permission!");
        return pass;
    }

    /**
     * 校验权限
     * @param request
     * @param response
     * @return
     */
    protected abstract boolean hasPermission(HttpServletRequest request, HttpServletResponse response);
}
